At a time when all its energy is focused on post-Mumbai diplomacy with Pakistan and the world, the Ministry of External Affairs (MEA) has been hit by a cybersecurity nightmare.
Sources have confirmed to The Sunday Express that several of its over 600 computers have been infected by spyware, a programme that surreptitiously gets installed on a computer to track or take control of the user's actions.
A detailed investigation is on to determine the damage as initial reports suggest the spyware is linked to a server located in China. Sources said the computers affected include those in the Ministry's sensitive Pakistan section and in the offices of senior Secretaries and Joint Secretaries.
While the MEA, when contacted, had no official comment, sources said one of the glaring glitches was that each time an email was sent from an infected computer, a copy of it would automatically go to another email ID. The problem was first noticed in the computers of one of the Ministers of State that are usually operated by the Minister's personal staff.
It was then decided to check all computers, and that is when investigators from the agencies concerned discovered that the spyware problem was a large-scale one. Spyware can do much more than monitor emails; it can even trawl through documents in a computer and relocate them.
As a security practice, each senior MEA official has two computers: one that connects to the Internet and the other for classified official work. This is to ensure that the computer with classified material is never exposed. In all likelihood, officials said, the damage in terms of sensitive material being exposed could be limited, although its full extent can only be ascertained after the inquiry.
Initial analysis, sources said, shows that more than one form of spyware could have been injected into the network, possibly through an email that was subsequently forwarded to several officials. Also, officials travelling abroad use hotel Internet connections, which could have been another source.
The Foreign Secretary has held meetings to apprise officers of measures like encrypting messages. Circulars were sent to all officials asking them not to operate personal email accounts such as Gmail or Yahoo Mail from the office, and to keep off blogging or networking sites.
In May 2008, the MEA's internal communication network was said to have been broken into by Chinese hackers. In fact, a series of intrusions into secure systems in the MEA were then traced to China. An attempt was even made to hack the National Informatics Centre in a bid to target the National Security Council around the same time.
The Virus Cocktail
Emails were compromised in the MEA. This can happen in many ways.
• Trojans: Search for files storing login names and passwords; use these to hack email accounts
• Keyloggers: Record all keystrokes made by the user and send the information to the hacker, who then analyses patterns to find passwords
• Netsky, Stration: Disable security features and propagate as email attachments. Once opened, they scan for email addresses and email themselves to all addresses found